It is National Security Month, But Payroll Security Is An Everyday Effort

November is National Security Month and there will be a lot of focus on making sure data of all kinds is secure. Your clients rely on you to keep their payroll data safe and secure all year-long, not just during the month of November. Therefore, it’s important to ensure that your firm’s software and technology employs the proper security.

As you prepared to safeguard your clients’ information against potential cyber threats, it’s important to consider where your payroll information is being stored. Is it on a laptop, the Cloud, hosted on a server? Each comes with its own set of risks, such as laptop theft or inadequate security at the server host. However, each also comes with its own level of security and they are not equal. Hosting your clients’ payroll data on a server or in the Cloud is more secure than keeping your data on a laptop. If your laptop is stolen or damaged, employees’ confidential data, such as social security numbers, becomes compromised.

Regularly assess your firm’s systems and processes for any potential risks. Develop a plan to safeguard against potential cyber threats and communicate that plan to your firm and clients. If your data is hosted on a server or in the Cloud, familiarize yourself with the providers’ security systems and software. You should choose a provider that is dedicated to protecting your clients’ payroll data and regularly updates and maintain their servers or software. Just because your data is stored in the Cloud doesn’t mean it’s automatically safe. Software such as RUN by ADP provides a secure Cloud environment and maintains a very stringent data security policy.

As a payroll practitioner, you are accountable for the security of your clients’ data. They are entrusting you to manage their payroll and keep their employees’ confidential data safe, so be aware of who has access to the servers your data is housed on and how often they are maintained. Additionally, have a process in place to determine who handles which data in case a glitch or issue arise. Actively log and monitor all network access and activity. Maintaining up-to-date logs will make it easier to pinpoint any unusual behavior earlier, if necessary. A process should also be in place to revoke access from all systems whenever necessary to prevent former employees from accessing and abusing sensitive client data. Read more on CPA Practice Advisor.